From b420e2a1da4a7678a5f09696a0f2c4d96ef46d71 Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Tue, 2 Jun 2015 06:55:23 +0000 Subject: [PATCH 1/3] Fix --no-verify-ssl negation bug --- letsencrypt/client.py | 2 +- letsencrypt/tests/client_test.py | 30 +++++++++++++++++++++++++++++- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/letsencrypt/client.py b/letsencrypt/client.py index c4b8ef40c..a32722148 100644 --- a/letsencrypt/client.py +++ b/letsencrypt/client.py @@ -64,7 +64,7 @@ class Client(object): # TODO: Allow for other alg types besides RS256 self.network = network2.Network( config.server, jwk.JWKRSA.load(self.account.key.pem), - verify_ssl=config.no_verify_ssl) + verify_ssl=(not config.no_verify_ssl)) self.config = config diff --git a/letsencrypt/tests/client_test.py b/letsencrypt/tests/client_test.py index 5dade01b7..7687d5205 100644 --- a/letsencrypt/tests/client_test.py +++ b/letsencrypt/tests/client_test.py @@ -1,6 +1,7 @@ """Tests for letsencrypt.client.""" import os import unittest +import pkg_resources import shutil import tempfile 
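Review bot: Nothing at the `network2.Network(...)` call records that certificate verification has been switched off when `config.no_verify_ssl` is set, and the negated option name is what let the original inversion go unnoticed. A short comment above the argument, for example `# verify_ssl is the inverse of the --no-verify-ssl opt-out and must stay True by default`, would make the intent explicit. Logging a warning when the flag is set would also make unverified sessions with the ACME server visible afterwards. The `__init__` body starts and ends outside the hunk, so whether such a warning already exists elsewhere cannot be seen from here.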
@@ -11,7 +12,33 @@ from letsencrypt import configuration from letsencrypt import le_util +KEY = pkg_resources.resource_string( + __name__, os.path.join("testdata", "rsa512_key.pem")) + + +class ClientTest(unittest.TestCase): + """Tests for letsencrypt.client.Client.""" + + def setUp(self): + self.config = mock.MagicMock(no_verify_ssl=False) + # pylint: disable=star-args + self.account = mock.MagicMock(**{"key.pem": KEY}) + + from letsencrypt.client import Client + with mock.patch("letsencrypt.client.network2") as network2: + self.client = Client( + config=self.config, account_=self.account, dv_auth=None, + installer=None) + self.network2 = network2 + + def test_init_network_verify_ssl(self): + self.network2.Network.assert_called_once_with( + mock.ANY, mock.ANY, verify_ssl=True) + + class DetermineAccountTest(unittest.TestCase): + """Tests for letsencrypt.client.determine_authenticator.""" + def setUp(self): self.accounts_dir = tempfile.mkdtemp("accounts") account_keys_dir = os.path.join(self.accounts_dir, "keys") @@ -54,7 +81,8 @@ class DetermineAccountTest(unittest.TestCase): class RollbackTest(unittest.TestCase): - """Test the rollback function.""" + """Tests for letsencrypt.client.rollback.""" + def setUp(self): self.m_install = mock.MagicMock() From 73e9956a481cf6504439ce437db1de978c00b046 Mon Sep 17 00:00:00 2001 From: e00E Date: Tue, 2 Jun 2015 18:17:18 +0200 Subject: [PATCH 2/3] Fixed not passing a string as the private key to deploy_certificate when using an Installer plugin. --- letsencrypt/cli.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/cli.py b/letsencrypt/cli.py index 169b55aff..fe3be19bc 100644 --- a/letsencrypt/cli.py +++ b/letsencrypt/cli.py 
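Review bot: `test_init_network_verify_ssl` pins only the default direction (`no_verify_ssl=False` gives `verify_ssl=True`), so an implementation that ignores the flag and always passes `True` would still pass; a second case with `no_verify_ssl=True` asserting `verify_ssl=False` is needed to cover the negation. Because `setUp` constructs the client inside the patch, the extra case has to build its own `Client`, as sketched below. Separately, the docstring added to `DetermineAccountTest` names `determine_authenticator`, which looks like a copy slip given the class name.

```python
    # … unchanged: setUp and test_init_network_verify_ssl …

    def test_init_network_no_verify_ssl(self):
        from letsencrypt.client import Client
        config = mock.MagicMock(no_verify_ssl=True)
        with mock.patch("letsencrypt.client.network2") as network2:
            Client(config=config, account_=self.account, dv_auth=None,
                   installer=None)
        network2.Network.assert_called_once_with(
            mock.ANY, mock.ANY, verify_ssl=False)
```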
@@ -147,7 +147,7 @@ def install(args, config, plugins): acme, doms = _common_run( args, config, acc, authenticator=None, installer=installer) assert args.cert_path is not None - acme.deploy_certificate(doms, acc.key, args.cert_path, args.chain_path) + acme.deploy_certificate(doms, acc.key.file, args.cert_path, args.chain_path) acme.enhance_config(doms, args.redirect) From 9a7ade7cba5cabd48e052322e82a6eb9ac6c53f0 Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Tue, 2 Jun 2015 17:42:23 +0000 Subject: [PATCH 3/3] Rename cert_dir to csr_dir. --- letsencrypt/client.py | 2 +- letsencrypt/configuration.py | 10 +++++----- letsencrypt/constants.py | 2 +- letsencrypt/crypto_util.py | 8 ++++---- letsencrypt/interfaces.py | 2 +- letsencrypt/tests/configuration_test.py | 4 ++-- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/letsencrypt/client.py b/letsencrypt/client.py index 02159f5d2..74ea529d2 100644 --- a/letsencrypt/client.py +++ b/letsencrypt/client.py @@ -134,7 +134,7 @@ class Client(object): cert_key = crypto_util.init_save_key( self.config.rsa_key_size, self.config.key_dir) csr = crypto_util.init_save_csr( - cert_key, domains, self.config.cert_dir) + cert_key, domains, self.config.csr_dir) # Retrieve certificate certr = self.network.request_issuance( diff --git a/letsencrypt/configuration.py b/letsencrypt/configuration.py index 00b45040a..670db0e76 100644 --- a/letsencrypt/configuration.py +++ b/letsencrypt/configuration.py @@ -19,7 +19,7 @@ class NamespaceConfig(object): - `accounts_dir` - `account_keys_dir` - - `cert_dir` + - `csr_dir` - `cert_key_backup` - `in_progress_dir` - `key_dir` 
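Review bot: `acc.key.file` is the path of the ACME account key, so `deploy_certificate` in `install` is handed the account key as the private key for the certificate at `args.cert_path`. Elsewhere in this series (`client.py`, `cert_key = crypto_util.init_save_key(...)`) the certificate key is generated separately from the account key. If the certificate was issued for its own key, the installer would apparently be configured with a key that does not match, and the web server would be pointed at the account key file. Consider taking the certificate key path from the caller alongside `args.cert_path` instead of from `acc`. The `install` body starts outside the hunk, and no test in this patch pins the argument that is passed.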
@@ -59,15 +59,15 @@ class NamespaceConfig(object): def backup_dir(self): # pylint: disable=missing-docstring return os.path.join(self.namespace.work_dir, constants.BACKUP_DIR) - @property - def cert_dir(self): # pylint: disable=missing-docstring - return os.path.join(self.namespace.config_dir, constants.CERT_DIR) - @property def cert_key_backup(self): # pylint: disable=missing-docstring return os.path.join(self.namespace.work_dir, constants.CERT_KEY_BACKUP_DIR, self.server_path) + @property + def csr_dir(self): # pylint: disable=missing-docstring + return os.path.join(self.namespace.config_dir, constants.CSR_DIR) + @property def in_progress_dir(self): # pylint: disable=missing-docstring return os.path.join(self.namespace.work_dir, constants.IN_PROGRESS_DIR) diff --git a/letsencrypt/constants.py b/letsencrypt/constants.py index 9d04fb4c2..c407f8825 100644 --- a/letsencrypt/constants.py +++ b/letsencrypt/constants.py @@ -67,7 +67,7 @@ CERT_KEY_BACKUP_DIR = "keys-certs" """Directory where all certificates and keys are stored (relative to `IConfig.work_dir`). Used for easy revocation.""" -CERT_DIR = "certs" +CSR_DIR = "csrs" """Directory (relative to `IConfig.config_dir`) where CSRs are saved.""" IN_PROGRESS_DIR = "IN_PROGRESS" diff --git a/letsencrypt/crypto_util.py b/letsencrypt/crypto_util.py index 1eb565289..9172fda46 100644 --- a/letsencrypt/crypto_util.py +++ b/letsencrypt/crypto_util.py @@ -55,7 +55,7 @@ def init_save_key(key_size, key_dir, keyname="key-letsencrypt.pem"): return le_util.Key(key_path, key_pem) -def init_save_csr(privkey, names, cert_dir, csrname="csr-letsencrypt.pem"): +def init_save_csr(privkey, names, path, csrname="csr-letsencrypt.pem"): """Initialize a CSR with the given private key. :param privkey: Key to include in the CSR 
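Review bot: Renaming the parameter to `path` in `init_save_csr` drops the meaning the old name carried and breaks the parallel with `init_save_key(key_size, key_dir, ...)` shown in the context just above; `csr_dir` would match the `config.csr_dir` attribute this commit introduces. The next two hunks in `crypto_util.py` carry the same name into the docstring and the body. The docstring there still reads "Certificate save directory" although the directory now holds CSRs; suggested wording is `:param str csr_dir: Directory where the CSR is saved.` Any caller that passed `cert_dir=` by keyword would also break, which cannot be checked from the lines shown.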
@@ -63,7 +63,7 @@ def init_save_csr(privkey, names, cert_dir, csrname="csr-letsencrypt.pem"): :param set names: `str` names to include in the CSR - :param str cert_dir: Certificate save directory. + :param str path: Certificate save directory. :returns: CSR :rtype: :class:`letsencrypt.le_util.CSR` @@ -72,9 +72,9 @@ def init_save_csr(privkey, names, cert_dir, csrname="csr-letsencrypt.pem"): csr_pem, csr_der = make_csr(privkey.pem, names) # Save CSR - le_util.make_or_verify_dir(cert_dir, 0o755, os.geteuid()) + le_util.make_or_verify_dir(path, 0o755, os.geteuid()) csr_f, csr_filename = le_util.unique_file( - os.path.join(cert_dir, csrname), 0o644) + os.path.join(path, csrname), 0o644) csr_f.write(csr_pem) csr_f.close() diff --git a/letsencrypt/interfaces.py b/letsencrypt/interfaces.py index 7e9133ba3..17905149a 100644 --- a/letsencrypt/interfaces.py +++ b/letsencrypt/interfaces.py @@ -162,7 +162,7 @@ class IConfig(zope.interface.Interface): account_keys_dir = zope.interface.Attribute( "Directory where all account keys are stored.") backup_dir = zope.interface.Attribute("Configuration backups directory.") - cert_dir = zope.interface.Attribute("Certificates and CSRs storage.") + csr_dir = zope.interface.Attribute("CSRs storage.") cert_key_backup = zope.interface.Attribute( "Directory where all certificates and keys are stored. " "Used for easy revocation.") diff --git a/letsencrypt/tests/configuration_test.py b/letsencrypt/tests/configuration_test.py index 345e3abbc..38fea140a 100644 --- a/letsencrypt/tests/configuration_test.py +++ b/letsencrypt/tests/configuration_test.py @@ -33,8 +33,8 @@ class NamespaceConfigTest(unittest.TestCase): constants.ACCOUNTS_DIR = 'acc' constants.ACCOUNT_KEYS_DIR = 'keys' constants.BACKUP_DIR = 'backups' - constants.CERT_DIR = 'certs' constants.CERT_KEY_BACKUP_DIR = 'c/' + constants.CSR_DIR = 'csrs' constants.IN_PROGRESS_DIR = '../p' constants.KEY_DIR = 'keys' constants.REC_TOKEN_DIR = '/r' 
@@ -47,7 +47,7 @@ class NamespaceConfigTest(unittest.TestCase): self.config.account_keys_dir, '/tmp/config/acc/acme-server.org:443/new/keys') self.assertEqual(self.config.backup_dir, '/tmp/foo/backups') - self.assertEqual(self.config.cert_dir, '/tmp/config/certs') + self.assertEqual(self.config.csr_dir, '/tmp/config/csrs') self.assertEqual( self.config.cert_key_backup, '/tmp/foo/c/acme-server.org:443/new') self.assertEqual(self.config.in_progress_dir, '/tmp/foo/../p')